serai/crypto/dkg/evrf/README.md
Luke Parker cc5d38f1ce dkg-evrf Security Proofs (#681)
* Add audit statement for `dkg-evrf`

This doesn't cover the implementation, solely the academia and background.

Also moves the existing audit of the `crypto` folder for organizational
reasons.

* Add files via upload
2025-09-26 11:20:48 -04:00


# eVRF DKG
The DKG from the [eVRF paper](https://eprint.iacr.org/2024/397), extended with
Verifiable Encryption premised on the same methodology present in the eVRF
paper.
The DDH-premised VRF is used, yet with the different instantiation presented in
section 6.4, which is premised on elliptic curve divisors. The one-round
threshold DKG presented in section 4.2 is extended, with the following changes:
- Any threshold of `t` participants may complete the DKG. This allows an
adversary to bias the resulting key by choosing the set of participants, yet
offers a robust protocol. The caller is able to choose between robustness and
a lack of bias by completing the DKG with just `t` messages or by waiting for
all `n`. If the caller does opt for robustness, the caller must ensure
participants agree on the subset of participants who actually participated.
- Communication of shares was previously defined as simply sending the share to
the relevant participant, with no description of the channel. Now, a pair of
ECDHs is performed on the embedded curve (between the sender's keys and the
recipient's public key), and their `x` coordinates are summed to obtain a
random, uniform value (as an eVRF would). This value is used as a mask to
encrypt the communicated secret share, with the zero-knowledge proof proving
the ciphertext is well-formed. This removes the need for a complaint round from
the protocol, allowing it to truly complete (with all recipients holding valid
shares) in just one round.
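The share-masking step from the second bullet, as an added toy model that is not the `dkg-evrf` crate's code: a tiny curve over F_13 stands in for the embedded curve, the sender is assumed to use two ephemeral keys for the pair of ECDHs, the share field is assumed to coincide with the curve's base field (as an embedded curve's does with the outer curve's scalar field), and the zero-knowledge proof of well-formedness is omitted.

```python
# Added example (not the dkg-evrf crate's code). Assumptions: toy curve
# y^2 = x^3 + 7 over F_13 (prime order 7) as the "embedded" curve; two
# ephemeral sender keys; shares live in F_13 so that the summed x coordinates
# are directly a mask in the share field; no ZK proof of well-formedness.
import secrets

P = 13                # base field of the toy embedded curve (assumption)
G = (7, 5)            # generator; the group has prime order N = 7
N = 7
Q = P                 # share field = curve base field (assumption, see above)
INF = None            # point at infinity

def add(a, b):
    """Affine point addition on y^2 = x^3 + 7 over F_P."""
    if a is INF: return b
    if b is INF: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0: return INF           # a + (-a)
    if a == b: lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P   # doubling
    else:      lam = (y2 - y1) * pow(x2 - x1, -1, P) % P      # chord
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def keygen():
    sk = secrets.randbelow(N - 1) + 1     # non-zero scalar, so no INF results
    return sk, mul(sk, G)

def mask(shared1, shared2):
    """Sum the x coordinates of the two ECDH points to form the mask."""
    return (shared1[0] + shared2[0]) % Q

def encrypt_share(share, recipient_pub):
    """Sender: two ephemeral ECDHs against the recipient's key, then mask."""
    e1, E1 = keygen()
    e2, E2 = keygen()
    m = mask(mul(e1, recipient_pub), mul(e2, recipient_pub))
    return (E1, E2, (share + m) % Q)       # ephemeral pubs travel with the share

def decrypt_share(recipient_sk, ct):
    """Recipient: recompute the same two ECDH points with its private key."""
    E1, E2, c = ct
    return (c - mask(mul(recipient_sk, E1), mul(recipient_sk, E2))) % Q

def roundtrip(share):
    sk, pk = keygen()
    return decrypt_share(sk, encrypt_share(share, pk))
```

The real protocol additionally proves in zero knowledge that the mask was derived from the published ephemeral points, which is what lets recipients skip the complaint round.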
For a gist of the verifiable encryption scheme, please see
https://gist.github.com/kayabaNerve/cfbde74b0660dfdf8dd55326d6ec33d7. For
security proofs and audit information, please see
[here](../../../audits/crypto/dkg/evrf).
---
This library supports being run in no-std contexts with `alloc` when the `std`
feature (on by default) is disabled. Due to the intensity of the ZK proofs,
this isn't recommended, yet may be justified when only _verifying_ that posted
proofs are correct.